void AuthRepositoryServer::setUserPassword ( const std::string &userStaticId, const std::string &newPassword )
{
LogConfig::logger()->info ( "changing password for: %s", userStaticId.c_str() );
//check permissions
if ( m_userStaticId == userStaticId ) {
setCredentials ( userStaticId, newPassword );
} else {
authrepo::DBDataSource src;
authrepo::CommitNode myHead ( &m_dbStructure, src.getTaggedCommit ( "head" ) );
myHead.load ( &src );
myHead.setUserPermissions ( m_userStaticId );
const authrepo::DBEntity *user = m_dbStructure.getByName ( "user" );
authrepo::DataNode * userNode = myHead.getIndex()->getIndex ( user )->findStaticId ( userStaticId );
if ( userNode ) {
authrepo::PermissionInfo p ( authrepo::pfEditPermissions, user );
userNode->checkPermission ( p );
if ( p.isNoFlags() )
setCredentials ( userStaticId, newPassword );
else
throw std::runtime_error ( "no permissions for user: "******"unknown user: " + userStaticId );
}
}
void ConfigurationManager::setCredentials(const std::string& accountID,
const std::vector<std::map<std::string, std::string> >& details)
{
const auto sipaccount = Manager::instance().getAccount<SIPAccount>(accountID);
if (sipaccount)
sipaccount->setCredentials(details);
}
void IBrainCloudComms::filterIncomingMessages(const ServerCall* servercall, const Json::Value& response)
{
//This is a hook to perform processing on any messages that come in, before they are sent to the calling application.
if (servercall->getService() == ServiceName::AuthenticateV2 && servercall->getOperation() == ServiceOperation::Authenticate)
{
_isAuthenticated = true;
setCredentials(response);
// pick up the timeout interval from the auth call
if (_heartbeatInterval == 0)
{
if (response["data"] != Json::nullValue && response["data"]["playerSessionExpiry"] != Json::nullValue)
{
int sessionTimeout = response["data"]["playerSessionExpiry"].asInt();
sessionTimeout = (int)(sessionTimeout * 0.85);
if (sessionTimeout > 30) // minimum 30 secs
{
_heartbeatInterval = sessionTimeout * 1000;
}
}
}
}
else if (servercall->getService() == ServiceName::PlayerState
&& (servercall->getOperation() == ServiceOperation::FullReset
|| servercall->getOperation() == ServiceOperation::Logout))
{
_isAuthenticated = false;
_sessionId.clear();
_client->getAuthenticationService()->clearSavedProfileId();
}
else if (servercall->getService() == ServiceName::File
&& (servercall->getOperation() == ServiceOperation::PrepareUserUpload))
{
startFileUpload(response);
}
}
int
main(int argc, char *argv[])
{
if (argc < 4 || strcmp(argv[1], "--help") == 0)
usage(argv[0]);
if (geteuid() != 0)
fatal("Must be run as root");
/* Set "no setuid fixup" securebit so that when we switch to
a nonzero UID, we don't lose capabilities */
if (prctl(PR_SET_SECUREBITS, SECBIT_NO_SETUID_FIXUP, 0, 0, 0) == -1)
errExit("prctl");
setCredentials(argv[1]);
setAmbientCapabilities(argv[2]);
/* Execute the program (with arguments) named in argv[3]... */
execvp(argv[3], &argv[3]);
errExit("execvp");
}
static bool buildOptions(FetchRequest::InternalRequest& request, ScriptExecutionContext& context, const Dictionary& init)
{
JSC::JSValue window;
if (init.get("window", window)) {
if (!window.isNull())
return false;
}
if (!setReferrer(request, context, init))
return false;
String value;
if (init.get("referrerPolicy", value) && !setReferrerPolicy(request.options, value))
return false;
if (init.get("mode", value) && !setMode(request.options, value))
return false;
if (request.options.mode() == FetchOptions::Mode::Navigate)
return false;
if (init.get("credentials", value) && !setCredentials(request.options, value))
return false;
if (init.get("cache", value) && !setCache(request.options, value))
return false;
if (init.get("redirect", value) && !setRedirect(request.options, value))
return false;
init.get("integrity", request.integrity);
if (init.get("method", value) && !setMethod(request.request, value))
return false;
return true;
}
void
CredentialsManager::setCredentials( const QString& serviceName, const QString& key, const QString& value )
{
setCredentials( CredentialsStorageKey( serviceName, key ), QVariant( value ), true );
}
OAuth10HTTPClient::OAuth10HTTPClient(const OAuth10Credentials& credentials)
{
setCredentials(credentials);
}
void HTTPRequest::setProxyCredentials(const std::string& scheme, const std::string& authInfo)
{
setCredentials(PROXY_AUTHORIZATION, scheme, authInfo);
}
LibFritzInit::LibFritzInit(QString username, QString password, fritz::EventHandler *eventHandler) {
setTerminationEnabled(true);
this->eventHandler = eventHandler;
setCredentials(username, password);
}
void SIPAccount::unserialize (Conf::MappingNode *map)
{
Conf::MappingNode *srtpMap;
Conf::MappingNode *tlsMap;
Conf::MappingNode *zrtpMap;
assert(map);
map->getValue(aliasKey, &_alias);
map->getValue(typeKey, &_type);
map->getValue(usernameKey, &_username);
map->getValue(hostnameKey, &_hostname);
map->getValue(accountEnableKey, &_enabled);
map->getValue(mailboxKey, &_mailBox);
map->getValue(codecsKey, &_codecStr);
// Update codec list which one is used for SDP offer
setActiveCodecs (ManagerImpl::unserialize (_codecStr));
map->getValue(ringtonePathKey, &_ringtonePath);
map->getValue(ringtoneEnabledKey, &_ringtoneEnabled);
map->getValue(expireKey, &_registrationExpire);
map->getValue(interfaceKey, &_interface);
int port;
map->getValue(portKey, &port);
_localPort = port;
map->getValue(publishAddrKey, &_publishedIpAddress);
map->getValue(publishPortKey, &port);
_publishedPort = port;
map->getValue(sameasLocalKey, &_publishedSameasLocal);
map->getValue(resolveOnceKey, &_resolveOnce);
std::string dtmfType;
map->getValue(dtmfTypeKey, &dtmfType);
_dtmfType = (dtmfType == "overrtp") ? OVERRTP : SIPINFO;
map->getValue(serviceRouteKey, &_serviceRoute);
// stun enabled
map->getValue(stunEnabledKey, &_stunEnabled);
map->getValue(stunServerKey, &_stunServer);
// Init stun server name with default server name
_stunServerName = pj_str ( (char*) _stunServer.data());
map->getValue(displayNameKey, &_displayName);
std::vector<std::map<std::string, std::string> > creds;
Conf::YamlNode *credNode = map->getValue (credKey);
/* We check if the credential key is a sequence
* because it was a mapping in a previous version of
* the configuration file.
*/
if (credNode && credNode->getType() == Conf::SEQUENCE) {
Conf::SequenceNode *credSeq = (Conf::SequenceNode *) credNode;
Conf::Sequence::iterator it;
Conf::Sequence *seq = credSeq->getSequence();
for(it = seq->begin(); it != seq->end(); ++it) {
Conf::MappingNode *cred = (Conf::MappingNode *) (*it);
std::string user;
std::string pass;
std::string realm;
cred->getValue(USERNAME, &user);
cred->getValue(PASSWORD, &pass);
cred->getValue(REALM, &realm);
std::map<std::string, std::string> map;
map[USERNAME] = user;
map[PASSWORD] = pass;
map[REALM] = realm;
creds.push_back(map);
}
}
if (creds.empty()) {
// migration from old file format
std::map<std::string, std::string> credmap;
std::string password;
map->getValue(passwordKey, &password);
credmap[USERNAME] = _username;
credmap[PASSWORD] = password;
credmap[REALM] = "*";
creds.push_back(credmap);
}
setCredentials (creds);
// get srtp submap
srtpMap = (Conf::MappingNode *) (map->getValue (srtpKey));
if (srtpMap) {
srtpMap->getValue(srtpEnableKey, &_srtpEnabled);
srtpMap->getValue(keyExchangeKey, &_srtpKeyExchange);
srtpMap->getValue(rtpFallbackKey, &_srtpFallback);
}
// get zrtp submap
zrtpMap = (Conf::MappingNode *) (map->getValue (zrtpKey));
if (zrtpMap) {
zrtpMap->getValue(displaySasKey, &_zrtpDisplaySas);
zrtpMap->getValue(displaySasOnceKey, &_zrtpDisplaySasOnce);
zrtpMap->getValue(helloHashEnabledKey, &_zrtpHelloHash);
zrtpMap->getValue(notSuppWarningKey, &_zrtpNotSuppWarning);
}
// get tls submap
tlsMap = (Conf::MappingNode *) (map->getValue (tlsKey));
if (tlsMap) {
tlsMap->getValue(tlsEnableKey, &_tlsEnable);
tlsMap->getValue(tlsPortKey, &_tlsPortStr);
tlsMap->getValue(certificateKey, &_tlsCertificateFile);
tlsMap->getValue(calistKey, &_tlsCaListFile);
tlsMap->getValue(ciphersKey, &_tlsCiphers);
tlsMap->getValue(methodKey, &_tlsMethod);
tlsMap->getValue(tlsPasswordKey, &_tlsPassword);
tlsMap->getValue(privateKeyKey, &_tlsPrivateKeyFile);
tlsMap->getValue(requireCertifKey, &_tlsRequireClientCertificate);
tlsMap->getValue(serverKey, &_tlsServerName);
tlsMap->getValue(verifyClientKey, &_tlsVerifyServer);
tlsMap->getValue(verifyServerKey, &_tlsVerifyClient);
// FIXME
tlsMap->getValue(timeoutKey, &_tlsNegotiationTimeoutSec);
tlsMap->getValue(timeoutKey, &_tlsNegotiationTimeoutMsec);
}
}
void Ssu::requestFinished(QNetworkReply *reply){
QSslConfiguration sslConfiguration = reply->sslConfiguration();
SsuLog *ssuLog = SsuLog::instance();
SsuCoreConfig *settings = SsuCoreConfig::instance();
ssuLog->print(LOG_DEBUG, QString("Certificate used was issued for '%1' by '%2'. Complete chain:")
.arg(sslConfiguration.peerCertificate().subjectInfo(QSslCertificate::CommonName))
.arg(sslConfiguration.peerCertificate().issuerInfo(QSslCertificate::CommonName)));
foreach (const QSslCertificate cert, sslConfiguration.peerCertificateChain()){
ssuLog->print(LOG_DEBUG, QString("-> %1").arg(cert.subjectInfo(QSslCertificate::CommonName)));
}
// what sucks more, this or goto?
do {
if (settings->contains("home-url")){
QString homeUrl = settings->value("home-url").toString().arg("");
homeUrl.remove(QRegExp("//+$"));
QNetworkRequest request = reply->request();
if (request.url().toString().startsWith(homeUrl, Qt::CaseInsensitive)){
// we don't care about errors on download request
if (reply->error() > 0) break;
QByteArray data = reply->readAll();
storeAuthorizedKeys(data);
break;
}
}
if (reply->error() > 0){
pendingRequests--;
setError(reply->errorString());
return;
} else {
QByteArray data = reply->readAll();
qDebug() << "RequestOutput" << data;
QDomDocument doc;
QString xmlError;
if (!doc.setContent(data, &xmlError)){
pendingRequests--;
setError(tr("Unable to parse server response (%1)").arg(xmlError));
return;
}
QString action = doc.elementsByTagName("action").at(0).toElement().text();
if (!verifyResponse(&doc)) break;
if (action == "register"){
if (!registerDevice(&doc)) break;
} else if (action == "credentials"){
if (!setCredentials(&doc)) break;
} else {
pendingRequests--;
setError(tr("Response to unknown action encountered: %1").arg(action));
return;
}
}
} while (false);
pendingRequests--;
ssuLog->print(LOG_DEBUG, QString("Request finished, pending requests: %1").arg(pendingRequests));
if (pendingRequests == 0)
emit done();
}
void Request::setProxyCredentials(const std::string& scheme, const std::string& authInfo)
{
setCredentials("Proxy-Authorization", scheme, authInfo);
}
void Ssu::requestFinished(QNetworkReply *reply){
QSslConfiguration sslConfiguration = reply->sslConfiguration();
SsuLog *ssuLog = SsuLog::instance();
SsuCoreConfig *settings = SsuCoreConfig::instance();
QNetworkRequest request = reply->request();
QVariant originalDomainVariant = request.attribute(SSU_NETWORK_REQUEST_DOMAIN_DATA);
#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0)
ssuLog->print(LOG_DEBUG, QString("Certificate used was issued for '%1' by '%2'. Complete chain:")
.arg(sslConfiguration.peerCertificate().subjectInfo(QSslCertificate::CommonName).join(""))
.arg(sslConfiguration.peerCertificate().issuerInfo(QSslCertificate::CommonName).join("")));
foreach (const QSslCertificate cert, sslConfiguration.peerCertificateChain()){
ssuLog->print(LOG_DEBUG, QString("-> %1").arg(cert.subjectInfo(QSslCertificate::CommonName).join("")));
}
#else
ssuLog->print(LOG_DEBUG, QString("Certificate used was issued for '%1' by '%2'. Complete chain:")
.arg(sslConfiguration.peerCertificate().subjectInfo(QSslCertificate::CommonName))
.arg(sslConfiguration.peerCertificate().issuerInfo(QSslCertificate::CommonName)));
foreach (const QSslCertificate cert, sslConfiguration.peerCertificateChain()){
ssuLog->print(LOG_DEBUG, QString("-> %1").arg(cert.subjectInfo(QSslCertificate::CommonName)));
}
#endif
pendingRequests--;
QString action;
QByteArray data;
QDomDocument doc;
QString xmlError;
/// @TODO: indicate that the device is not registered if there's a 404 on credentials update url
if (settings->contains("home-url")){
QString homeUrl = settings->value("home-url").toString().arg("");
homeUrl.remove(QRegExp("//+$"));
if (request.url().toString().startsWith(homeUrl, Qt::CaseInsensitive)){
// we don't care about errors on download request
if (reply->error() == 0) {
QByteArray data = reply->readAll();
storeAuthorizedKeys(data);
}
goto success;
}
}
if (reply->error() > 0){
setError(reply->errorString());
goto failure;
}
data = reply->readAll();
ssuLog->print(LOG_DEBUG, QString("RequestOutput %1")
.arg(data.data()));
if (!doc.setContent(data, &xmlError)){
setError(tr("Unable to parse server response (%1)").arg(xmlError));
goto failure;
}
action = doc.elementsByTagName("action").at(0).toElement().text();
if (!verifyResponse(&doc)) {
goto failure;
}
ssuLog->print(LOG_DEBUG, QString("Handling request of type %1")
.arg(action));
if (action == "register") {
if (registerDevice(&doc)) {
goto success;
}
} else if (action == "credentials") {
if (setCredentials(&doc)) {
goto success;
}
} else {
setError(tr("Response to unknown action encountered: %1").arg(action));
}
failure:
// Restore the original domain in case of failures with the registration
if (!originalDomainVariant.isNull()) {
QString originalDomain = originalDomainVariant.toString();
ssuLog->print(LOG_DEBUG, QString("Restoring domain on error: '%1'").arg(originalDomain));
setDomain(originalDomain);
}
// Fall through to cleanup handling in success from failure label
success:
ssuLog->print(LOG_DEBUG, QString("Request finished, pending requests: %1").arg(pendingRequests));
if (pendingRequests == 0) {
emit done();
}
}
